Exemplo n.º 1
        /// <summary>
        /// Configures a mocked <see cref="IRequesterSecurity"/> so that only the supplied requester
        /// authenticates, and only as their own user ID. Every other combination set up here throws
        /// <see cref="UnauthorizedException"/>.
        /// </summary>
        /// <param name="requesterSecurity">The mock to configure.</param>
        /// <param name="requester">The requester the mock should accept; must not equal <c>Requester.Unauthenticated</c>.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="requester"/> equals <c>Requester.Unauthenticated</c>.</exception>
        public static void SetupFor(this Mock<IRequesterSecurity> requesterSecurity, Requester requester)
        {
            requesterSecurity.AssertNotNull("requesterSecurity");
            requester.AssertNotNull("requester");

            // The helper models a signed-in caller, so the anonymous requester is rejected up front.
            var isAnonymous = requester.Equals(Requester.Unauthenticated);
            if (isAnonymous)
            {
                throw new ArgumentException("Requester must be authorized.", "requester");
            }

            // AuthenticateAsync: anonymous callers are refused, the configured requester resolves to its own ID.
            // NOTE(review): this mock raises UnauthorizedException for the anonymous requester. If the production
            // AuthenticateAsync raises UnauthenticatedException in that case, tests built on this helper exercise
            // a different failure type than production does - confirm which one callers are expected to handle.
            requesterSecurity
                .Setup(security => security.AuthenticateAsync(Requester.Unauthenticated))
                .Throws(new UnauthorizedException());

            requesterSecurity
                .Setup(security => security.AuthenticateAsync(requester))
                .ReturnsAsync(requester.UserId);

            // AuthenticateAsAsync: anonymous callers are refused for any target user.
            requesterSecurity
                .Setup(security => security.AuthenticateAsAsync(Requester.Unauthenticated, It.IsAny<UserId>()))
                .Throws(new UnauthorizedException());

            // The configured requester is refused for every user ID except its own.
            requesterSecurity
                .Setup(security => security.AuthenticateAsAsync(requester, It.IsNotIn(requester.UserId)))
                .Throws(new UnauthorizedException());

            // The only successful AuthenticateAsAsync pairing: the requester acting as itself.
            requesterSecurity
                .Setup(security => security.AuthenticateAsAsync(requester, requester.UserId))
                .ReturnsAsync(requester.UserId);
        }
 /// <summary>
 /// Reports whether the requester holds every non-null role in <paramref name="roles"/>.
 /// </summary>
 /// <param name="requester">The requester whose roles are checked.</param>
 /// <param name="roles">The required roles; passed through <c>CheckRoles</c> before evaluation.</param>
 /// <returns>A completed task holding <c>true</c> when every remaining role passes <c>requester.IsInRole</c>.</returns>
 public Task<bool> IsInAllRolesAsync(Requester requester, IEnumerable<string> roles)
 {
     requester.AssertNotNull("requester");
     roles.AssertNotNull("roles");

     var checkedRoles = this.CheckRoles(roles);

     // NOTE(review): null entries are dropped and All() is true for an empty sequence, so a list that is
     // empty (or contains only nulls) yields true unless CheckRoles rejects it - confirm that CheckRoles
     // does, otherwise callers gating access on this result would be granted it without any role check.
     var holdsEveryRole = checkedRoles
         .Where(role => role != null)
         .All(role => requester.IsInRole(role));

     return Task.FromResult(holdsEveryRole);
 }
Exemplo n.º 3
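        /// <summary>
        /// Decides whether the requester may act on behalf of <paramref name="requestedUserId"/> and, for an
        /// administrator acting on another user's account, builds the requester to impersonate that user.
        /// </summary>
        /// <param name="requester">The caller making the request.</param>
        /// <param name="requestedUserId">The user whose data is being requested.</param>
        /// <returns>
        /// <c>null</c> when the authenticated caller is the requested user (no impersonation is needed);
        /// otherwise a requester created via <c>Requester.Authenticated</c> for the requested user.
        /// </returns>
        /// <exception cref="UnauthorizedException">
        /// Thrown when the caller is neither the requested user nor an administrator.
        /// </exception>
        public async Task<Requester> ExecuteAsync(Requester requester, UserId requestedUserId)
        {
            requester.AssertNotNull("requester");
            requestedUserId.AssertNotNull("requestedUserId");

            var authenticatedUserId = await this.requesterSecurity.AuthenticateAsync(requester);

            if (authenticatedUserId.Equals(requestedUserId))
            {
                // The caller is asking about their own account; null tells the caller no impersonation applies.
                return null;
            }

            var isAdministrator = await this.requesterSecurity.IsInRoleAsync(requester, FifthweekRole.Administrator);

            if (isAdministrator)
            {
                // We will impersonate the user to get the required information.
                // The original requester is passed along with the requested user's ID and role names.
                // NOTE(review): no audit record of the impersonation is written in this method -
                // confirm it is logged elsewhere.
                var requestedUserRoles = await this.getUserRoles.ExecuteAsync(requestedUserId);

                return Requester.Authenticated(
                    requestedUserId,
                    requester,
                    requestedUserRoles.Roles.Select(v => v.Name));
            }

            // Let the security service raise its own exception for the mismatched user.
            await this.requesterSecurity.AuthenticateAsAsync(requester, requestedUserId);

            // Fail closed: the original fell through to "return null" here, which is the same result as
            // "caller is the requested user". Denial must not depend on the call above throwing.
            throw new UnauthorizedException();
        }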
        /// <summary>
        /// Returns the requester's user ID without throwing when there is none.
        /// </summary>
        /// <param name="requester">The caller to inspect.</param>
        /// <returns>The requester's <c>UserId</c>, or <c>null</c> when the requester carries no user ID.</returns>
        public async Task<UserId> TryAuthenticateAsync(Requester requester)
        {
            requester.AssertNotNull("requester");

            // Nothing is awaited and no credential is checked here: the result is whatever user ID the
            // Requester already carries.
            // NOTE(review): presumably the Requester is built from validated credentials upstream - confirm.
            var carriedUserId = requester.UserId;
            return carriedUserId == null ? null : carriedUserId;
        }
        /// <summary>
        /// Returns the requester's user ID, rejecting requesters that carry none.
        /// </summary>
        /// <param name="requester">The caller to authenticate.</param>
        /// <returns>The requester's <c>UserId</c>.</returns>
        /// <exception cref="UnauthenticatedException">Thrown when the requester has no user ID.</exception>
        public async Task<UserId> AuthenticateAsync(Requester requester)
        {
            requester.AssertNotNull("requester");

            // The only check made here is that a user ID is present on the Requester.
            // NOTE(review): presumably the Requester is built from validated credentials upstream - confirm.
            var carriedUserId = requester.UserId;
            if (carriedUserId == null)
            {
                throw new UnauthenticatedException();
            }

            return carriedUserId;
        }
Exemplo n.º 6
        /// <summary>
        /// Throws unless <c>IsCreationAllowedAsync</c> reports that the requester may create a blog.
        /// </summary>
        /// <param name="requester">The caller attempting the creation.</param>
        /// <exception cref="UnauthorizedException">Thrown when creation is not allowed for the requester.</exception>
        public async Task AssertCreationAllowedAsync(Requester requester)
        {
            requester.AssertNotNull("requester");

            if (await this.IsCreationAllowedAsync(requester))
            {
                return;
            }

            // NOTE(review): the requester object is passed as a format argument, so its string form ends up
            // in the exception message - confirm that message is not returned verbatim to API clients.
            throw new UnauthorizedException("Not allowed to create blog. {0}", requester);
        }
        /// <summary>
        /// Authenticates the requester and requires that the resulting user ID equals <paramref name="userId"/>.
        /// </summary>
        /// <param name="requester">The caller to authenticate.</param>
        /// <param name="userId">The user ID the caller must be authenticated as.</param>
        /// <returns>The authenticated user ID, which equals <paramref name="userId"/>.</returns>
        /// <exception cref="UnauthorizedException">Thrown when the authenticated user ID differs from <paramref name="userId"/>.</exception>
        public async Task<UserId> AuthenticateAsAsync(Requester requester, UserId userId)
        {
            requester.AssertNotNull("requester");
            userId.AssertNotNull("userId");

            // Authentication comes first, so whatever AuthenticateAsync throws propagates before the
            // identity comparison below is reached.
            var authenticatedUserId = await this.AuthenticateAsync(requester);

            var isExpectedUser = userId.Equals(authenticatedUserId);
            if (isExpectedUser)
            {
                return authenticatedUserId;
            }

            // Both user IDs are embedded in the message; the wording is kept exactly as the original has it.
            throw new UnauthorizedException("User '{0}' is could not be authenticated as '{1}'.", requester.UserId, userId);
        }
 /// <summary>
 /// Reports whether the requester is in the given role, as decided by <c>requester.IsInRole</c>.
 /// </summary>
 /// <param name="requester">The requester whose roles are checked.</param>
 /// <param name="role">The role name to look for.</param>
 /// <returns>A completed task holding the result of <c>requester.IsInRole(role)</c>.</returns>
 public Task<bool> IsInRoleAsync(Requester requester, string role)
 {
     requester.AssertNotNull("requester");
     role.AssertNotNull("role");

     // The decision rests entirely on the roles carried by the Requester; nothing else is consulted here.
     var isMember = requester.IsInRole(role);
     return Task.FromResult(isMember);
 }
Exemplo n.º 9
        /// <summary>
        /// Reports whether the requester may create a blog, which here means holding the
        /// <c>FifthweekRole.Creator</c> role.
        /// </summary>
        /// <param name="requester">The caller attempting the creation.</param>
        /// <returns>The task produced by the role check on the injected requester security service.</returns>
        public Task<bool> IsCreationAllowedAsync(Requester requester)
        {
            requester.AssertNotNull("requester");

            // The role check is delegated; its task is handed back without being awaited here.
            var creatorRoleCheck = this.requesterSecurity.IsInRoleAsync(requester, FifthweekRole.Creator);
            return creatorRoleCheck;
        }